Detailing more than 24 million cyberattacks, FireHost has seen a large percentage increase in the number of common web attacks such as SQL Injection and Cross-Site Request Forgery. This increase can be attributed to ease of automation, enabling hackers to combine these techniques to quickly and surreptitiously steal data, install malware on servers, assimilate new botnet zombies or simply take down a site.
Compared with Q1 2013, the volume of Cross-Site Request Forgery (CSRF) attacks rose 16 percent while SQL Injection attacks, which have increased in each of the last five quarters, rose another 28 percent in Q2 2013.
Although Cross-site Scripting (XSS) is still the most prevalent attack type, with more than 1.2 million attacks being blocked this quarter, the small percentage increase (just 0.7 percent) in this type of attack suggests that XSS, when used in concert with other exploits, enables cybercriminals to gain access to more complex, higher reward attack vectors. What’s even more alarming is that these blended, automated attacks are being used increasingly from within cloud service provider networks.
“Cybercriminals can easily deploy and administer powerful botnets that run on cloud infrastructure,” said FireHost founder and CEO Chris Drake. “Many cloud providers unfortunately don’t adequately validate new customer sign-ups so opening accounts with fake information is quite easy. Once the account is created, APIs can be leveraged to deploy a lot of computing power on fast networks giving a person the ability to create a lot of havoc with minimal effort.”
Key statistics for the Q2 2013 Superfecta include:
- Total number of all attack types blocked by FireHost in Q2 2013: 24,074,406 (This includes low level attacks that are automatically blocked by FireHost’s IP Reputation Management “IPRM” filters)
- Superfecta attacks increased by six percent during the quarter with a total number of 3,643,620 blocked in Q2 2013 (up from 3,410,212 in Q1 2013)
- XSS was the most prevalent Superfecta attack type in Q2 2013 – with more than 1.2 million attacks being blocked, 33 percent of the total Superfecta attacks
- SQL Injections now represent 18 percent of all Superfecta attacks, CSRF attacks are now 26 percent of the Superfecta total. Both have grown in volume since Q1 2013.